nico/www.nico.schottelius.org
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
www.nico.schottelius.org/software/cdist/man/4.1.0/man7/cdist-best-practice.html
Darko Poljak 18b81ea2dc cdist manpages version number fix for 4.1.0
2016-05-27 07:59:19 +02:00

545 lines
No EOL
36 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]-->
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>2. cdist-best-practice(7) &mdash; cdist 4.1.0 documentation</title>
<link rel="stylesheet" href="../_static/css/theme.css" type="text/css" />
<link rel="top" title="cdist 4.1.0 documentation" href="../index.html"/>
<link rel="next" title="3. cdist-bootstrap(7)" href="cdist-bootstrap.html"/>
<link rel="prev" title="1. cdist(1)" href="../man1/cdist.html"/>
<script src="../_static/js/modernizr.min.js"></script>
</head>
<body class="wy-body-for-nav" role="document">
<div class="wy-grid-for-nav">
<nav data-toggle="wy-nav-shift" class="wy-nav-side">
<div class="wy-side-scroll">
<div class="wy-side-nav-search">
<a href="../index.html" class="icon icon-home"> cdist
</a>
<div class="version">
4.1.0
</div>
<div role="search">
<form id="rtd-search-form" class="wy-form" action="../search.html" method="get">
<input type="text" name="q" placeholder="Search docs" />
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
</div>
</div>
<div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">
<ul class="current">
<li class="toctree-l1"><a class="reference internal" href="../man1/cdist.html">1. cdist(1)</a></li>
<li class="toctree-l1 current"><a class="current reference internal" href="#">2. cdist-best-practice(7)</a><ul class="simple">
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="cdist-bootstrap.html">3. cdist-bootstrap(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-explorer.html">4. cdist-explorer(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-hacker.html">5. cdist-hacker(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-manifest.html">6. cdist-manifest(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-messaging.html">7. cdist-messaging(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-quickstart.html">8. cdist-quickstart(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-reference.html">9. cdist-reference(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-remote-exec-copy.html">10. cdist-remote-exec-copy(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-stages.html">11. cdist-stages(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-troubleshooting.html">12. cdist-troubleshooting(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-tutorial.html">13. cdist-tutorial(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type.html">14. cdist-type(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__apt_key.html">15. cdist-type__apt_key(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__apt_key_uri.html">16. cdist-type__apt_key_uri(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__apt_norecommends.html">17. cdist-type__apt_norecommends(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__apt_ppa.html">18. cdist-type__apt_ppa(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__apt_source.html">19. cdist-type__apt_source(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__apt_update_index.html">20. cdist-type__apt_update_index(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__block.html">21. cdist-type__block(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__ccollect_source.html">22. cdist-type__ccollect_source(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__cdist.html">23. cdist-type__cdist(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__cdistmarker.html">24. cdist-type__cdistmarker(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__config_file.html">25. cdist-type__config_file(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__consul.html">26. cdist-type__consul(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__consul_agent.html">27. cdist-type__consul_agent(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__consul_check.html">28. cdist-type__consul_check(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__consul_reload.html">29. cdist-type__consul_reload(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__consul_service.html">30. cdist-type__consul_service(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__consul_template.html">31. cdist-type__consul_template(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__consul_template_template.html">32. cdist-type__consul_template_template(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__consul_watch_checks.html">33. cdist-type__consul_watch_checks(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__consul_watch_event.html">34. cdist-type__consul_watch_event(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__consul_watch_key.html">35. cdist-type__consul_watch_key(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__consul_watch_keyprefix.html">36. cdist-type__consul_watch_keyprefix(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__consul_watch_nodes.html">37. cdist-type__consul_watch_nodes(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__consul_watch_service.html">38. cdist-type__consul_watch_service(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__consul_watch_services.html">39. cdist-type__consul_watch_services(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__cron.html">40. cdist-type__cron(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__debconf_set_selections.html">41. cdist-type__debconf_set_selections(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__directory.html">42. cdist-type__directory(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__dog_vdi.html">43. cdist-type__dog_vdi(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__file.html">44. cdist-type__file(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__firewalld_rule.html">45. cdist-type__firewalld_rule(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__git.html">46. cdist-type__git(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__group.html">47. cdist-type__group(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__hostname.html">48. cdist-type__hostname(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__iptables_apply.html">49. cdist-type__iptables_apply(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__iptables_rule.html">50. cdist-type__iptables_rule(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__issue.html">51. cdist-type__issue(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__jail.html">52. cdist-type__jail(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__key_value.html">53. cdist-type__key_value(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__line.html">54. cdist-type__line(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__link.html">55. cdist-type__link(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__locale.html">56. cdist-type__locale(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__motd.html">57. cdist-type__motd(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__mount.html">58. cdist-type__mount(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__mysql_database.html">59. cdist-type__mysql_database(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__package.html">60. cdist-type__package(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__package_apt.html">61. cdist-type__package_apt(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__package_emerge.html">62. cdist-type__package_emerge(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__package_emerge_dependencies.html">63. cdist-type__package_emerge_dependencies(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__package_luarocks.html">64. cdist-type__package_luarocks(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__package_opkg.html">65. cdist-type__package_opkg(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__package_pacman.html">66. cdist-type__package_pacman(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__package_pip.html">67. cdist-type__package_pip(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__package_pkg_freebsd.html">68. cdist-type__package_pkg_freebsd(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__package_pkg_openbsd.html">69. cdist-type__package_pkg(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__package_pkgng_freebsd.html">70. cdist-type__package_pkgng_freebsd(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__package_rubygem.html">71. cdist-type__package_rubygem(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__package_update_index.html">72. cdist-type__package_update_index(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__package_upgrade_all.html">73. cdist-type__package_upgrade_all(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__package_yum.html">74. cdist-type__package_yum(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__package_zypper.html">75. cdist-type__package_zypper(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__pacman_conf.html">76. cdist-type__pacman_conf(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__pacman_conf_integrate.html">77. cdist-type__pacman_conf_integrate(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__pf_apply.html">78. cdist-type__pf_apply(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__pf_ruleset.html">79. cdist-type__pf_ruleset(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__postfix.html">80. cdist-type__postfix(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__postfix_master.html">81. cdist-type__postfix_master(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__postfix_postconf.html">82. cdist-type__postfix_postconf(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__postfix_postmap.html">83. cdist-type__postfix_postmap(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__postfix_reload.html">84. cdist-type__postfix_reload(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__postgres_database.html">85. cdist-type__postgres_database(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__postgres_role.html">86. cdist-type__postgres_role(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__process.html">87. cdist-type__process(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__pyvenv.html">88. cdist-type__pyvenv(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__qemu_img.html">89. cdist-type__qemu_img(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__rbenv.html">90. cdist-type__rbenv(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__rsync.html">91. cdist-type__rsync(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__rvm.html">92. cdist-type__rvm(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__rvm_gem.html">93. cdist-type__rvm_gemset(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__rvm_gemset.html">94. cdist-type__rvm_gemset(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__rvm_ruby.html">95. cdist-type__rvm_ruby(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__ssh_authorized_key.html">96. cdist-type__ssh_authorized_key(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__ssh_authorized_keys.html">97. cdist-type__ssh_authorized_keys(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__ssh_dot_ssh.html">98. cdist-type__ssh_dot_ssh(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__staged_file.html">99. cdist-type__staged_file(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__start_on_boot.html">100. cdist-type__start_on_boot(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__timezone.html">101. cdist-type__timezone(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__update_alternatives.html">102. cdist-type__update_alternatives(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__user.html">103. cdist-type__user(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__user_groups.html">104. cdist-type__user_groups(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__yum_repo.html">105. cdist-type__yum_repo(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__zypper_repo.html">106. cdist-type__zypper_repo(7)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cdist-type__zypper_service.html">107. cdist-type__zypper_service(7)</a></li>
</ul>
</div>
</div>
</nav>
<section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">
<nav class="wy-nav-top" role="navigation" aria-label="top navigation">
<i data-toggle="wy-nav-top" class="fa fa-bars"></i>
<a href="../index.html">cdist</a>
</nav>
<div class="wy-nav-content">
<div class="rst-content">
<div role="navigation" aria-label="breadcrumbs navigation">
<ul class="wy-breadcrumbs">
<li><a href="../index.html">Docs</a> &raquo;</li>
<li>2. cdist-best-practice(7)</li>
<li class="wy-breadcrumbs-aside">
<a href="../_sources/man7/cdist-best-practice.txt" rel="nofollow"> View page source</a>
</li>
</ul>
<hr/>
</div>
<div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
<div itemprop="articleBody">
<div class="section" id="cdist-best-practice-7">
<h1>2. cdist-best-practice(7)<a class="headerlink" href="#cdist-best-practice-7" title="Permalink to this headline"></a></h1>
<p>Practices used in real environments</p>
<p>Nico Schottelius &lt;<a class="reference external" href="mailto:nico-cdist--&#37;&#52;&#48;--schottelius&#46;org">nico-cdist--<span>&#64;</span>--schottelius<span>&#46;</span>org</a>&gt;</p>
<div class="section" id="passwordless-connections">
<h2>2.1. PASSWORDLESS CONNECTIONS<a class="headerlink" href="#passwordless-connections" title="Permalink to this headline"></a></h2>
<p>It is recommended to run cdist with public key authentication.
This requires a private/public key pair and the entry
&#8220;PermitRootLogin without-password&#8221; in the sshd server.
See sshd_config(5) and ssh-keygen(1).</p>
</div>
<div class="section" id="speeding-up-ssh-connections">
<h2>2.2. SPEEDING UP SSH CONNECTIONS<a class="headerlink" href="#speeding-up-ssh-connections" title="Permalink to this headline"></a></h2>
<p>When connecting to a new host, the initial delay with ssh connections
is pretty big. You can work around this by
&#8220;sharing of multiple sessions over a single network connection&#8221;
(quote from ssh_config(5)). The following code is suitable for
inclusion into your ~/.ssh/config:</p>
<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">Host</span> <span class="o">*</span>
<span class="n">ControlPath</span> <span class="o">~/.</span><span class="n">ssh</span><span class="o">/</span><span class="n">master</span><span class="o">-%</span><span class="n">l</span><span class="o">-%</span><span class="n">r</span><span class="o">@%</span><span class="n">h</span><span class="p">:</span><span class="o">%</span><span class="n">p</span>
<span class="n">ControlMaster</span> <span class="n">auto</span>
<span class="n">ControlPersist</span> <span class="mi">10</span>
</pre></div>
</div>
</div>
<div class="section" id="speeding-up-shell-execution">
<h2>2.3. SPEEDING UP SHELL EXECUTION<a class="headerlink" href="#speeding-up-shell-execution" title="Permalink to this headline"></a></h2>
<p>On the source host, ensure that /bin/sh is <em>not</em> bash: bash is quite slow for
script execution. Instead, you could use dash after installing it:</p>
<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">ln</span> <span class="o">-</span><span class="n">sf</span> <span class="o">/</span><span class="nb">bin</span><span class="o">/</span><span class="n">dash</span> <span class="o">/</span><span class="nb">bin</span><span class="o">/</span><span class="n">sh</span>
</pre></div>
</div>
</div>
<div class="section" id="multi-master-or-environment-setups">
<h2>2.4. MULTI MASTER OR ENVIRONMENT SETUPS<a class="headerlink" href="#multi-master-or-environment-setups" title="Permalink to this headline"></a></h2>
<p>If you plan to distribute cdist among servers or use different
environments, you can do so easily with the included version
control git. For instance if you plan to use the typical three
environments production, integration and development, you can
realise this with git branches:</p>
<div class="highlight-default"><div class="highlight"><pre><span></span><span class="c1"># Go to cdist checkout</span>
<span class="n">cd</span> <span class="o">/</span><span class="n">path</span><span class="o">/</span><span class="n">to</span><span class="o">/</span><span class="n">cdist</span>
<span class="c1"># Create branches</span>
<span class="n">git</span> <span class="n">branch</span> <span class="n">development</span>
<span class="n">git</span> <span class="n">branch</span> <span class="n">integration</span>
<span class="n">git</span> <span class="n">branch</span> <span class="n">production</span>
<span class="c1"># Make use of a branch, for instance production</span>
<span class="n">git</span> <span class="n">checkout</span> <span class="n">production</span>
</pre></div>
</div>
<p>Similar if you want to have cdist checked out at multiple machines,
you can clone it multiple times:</p>
<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">machine</span><span class="o">-</span><span class="n">a</span> <span class="o">%</span> <span class="n">git</span> <span class="n">clone</span> <span class="n">git</span><span class="p">:</span><span class="o">//</span><span class="n">your</span><span class="o">-</span><span class="n">git</span><span class="o">-</span><span class="n">server</span><span class="o">/</span><span class="n">cdist</span>
<span class="n">machine</span><span class="o">-</span><span class="n">b</span> <span class="o">%</span> <span class="n">git</span> <span class="n">clone</span> <span class="n">git</span><span class="p">:</span><span class="o">//</span><span class="n">your</span><span class="o">-</span><span class="n">git</span><span class="o">-</span><span class="n">server</span><span class="o">/</span><span class="n">cdist</span>
</pre></div>
</div>
</div>
<div class="section" id="seperating-work-by-groups">
<h2>2.5. SEPERATING WORK BY GROUPS<a class="headerlink" href="#seperating-work-by-groups" title="Permalink to this headline"></a></h2>
<p>If you are working with different groups on one cdist-configuration,
you can delegate to other manifests and have the groups edit only
their manifests. You can use the following snippet in
<strong>conf/manifests/init</strong>:</p>
<div class="highlight-default"><div class="highlight"><pre><span></span><span class="c1"># Include other groups</span>
<span class="n">sh</span> <span class="o">-</span><span class="n">e</span> <span class="s2">&quot;$__manifest/systems&quot;</span>
<span class="n">sh</span> <span class="o">-</span><span class="n">e</span> <span class="s2">&quot;$__manifest/cbrg&quot;</span>
</pre></div>
</div>
</div>
<div class="section" id="maintaining-multiple-configurations">
<h2>2.6. MAINTAINING MULTIPLE CONFIGURATIONS<a class="headerlink" href="#maintaining-multiple-configurations" title="Permalink to this headline"></a></h2>
<p>When you need to manage multiple sites with cdist, like company_a, company_b
and private for instance, you can easily use git for this purpose.
Including a possible common base that is reused across the different sites:</p>
<div class="highlight-default"><div class="highlight"><pre><span></span><span class="c1"># create branches</span>
<span class="n">git</span> <span class="n">branch</span> <span class="n">company_a</span> <span class="n">company_b</span> <span class="n">common</span> <span class="n">private</span>
<span class="c1"># make stuff for company a</span>
<span class="n">git</span> <span class="n">checkout</span> <span class="n">company_a</span>
<span class="c1"># work, commit, etc.</span>
<span class="c1"># make stuff for company b</span>
<span class="n">git</span> <span class="n">checkout</span> <span class="n">company_b</span>
<span class="c1"># work, commit, etc.</span>
<span class="c1"># make stuff relevant for all sites</span>
<span class="n">git</span> <span class="n">checkout</span> <span class="n">common</span>
<span class="c1"># work, commit, etc.</span>
<span class="c1"># change to private and include latest common stuff</span>
<span class="n">git</span> <span class="n">checkout</span> <span class="n">private</span>
<span class="n">git</span> <span class="n">merge</span> <span class="n">common</span>
</pre></div>
</div>
<p>The following <strong>.git/config</strong> is taken from a a real world scenario:</p>
<div class="highlight-default"><div class="highlight"><pre><span></span><span class="c1"># Track upstream, merge from time to time</span>
<span class="p">[</span><span class="n">remote</span> <span class="s2">&quot;upstream&quot;</span><span class="p">]</span>
<span class="n">url</span> <span class="o">=</span> <span class="n">git</span><span class="p">:</span><span class="o">//</span><span class="n">git</span><span class="o">.</span><span class="n">schottelius</span><span class="o">.</span><span class="n">org</span><span class="o">/</span><span class="n">cdist</span>
<span class="n">fetch</span> <span class="o">=</span> <span class="o">+</span><span class="n">refs</span><span class="o">/</span><span class="n">heads</span><span class="o">/*</span><span class="p">:</span><span class="n">refs</span><span class="o">/</span><span class="n">remotes</span><span class="o">/</span><span class="n">upstream</span><span class="o">/*</span>
<span class="c1"># Same as upstream, but works when being offline</span>
<span class="p">[</span><span class="n">remote</span> <span class="s2">&quot;local&quot;</span><span class="p">]</span>
<span class="n">fetch</span> <span class="o">=</span> <span class="o">+</span><span class="n">refs</span><span class="o">/</span><span class="n">heads</span><span class="o">/*</span><span class="p">:</span><span class="n">refs</span><span class="o">/</span><span class="n">remotes</span><span class="o">/</span><span class="n">local</span><span class="o">/*</span>
<span class="n">url</span> <span class="o">=</span> <span class="o">/</span><span class="n">home</span><span class="o">/</span><span class="n">users</span><span class="o">/</span><span class="n">nico</span><span class="o">/</span><span class="n">p</span><span class="o">/</span><span class="n">cdist</span>
<span class="c1"># Remote containing various ETH internal branches</span>
<span class="p">[</span><span class="n">remote</span> <span class="s2">&quot;eth&quot;</span><span class="p">]</span>
<span class="n">url</span> <span class="o">=</span> <span class="n">sans</span><span class="o">.</span><span class="n">ethz</span><span class="o">.</span><span class="n">ch</span><span class="p">:</span><span class="o">/</span><span class="n">home</span><span class="o">/</span><span class="n">services</span><span class="o">/</span><span class="n">sans</span><span class="o">/</span><span class="n">git</span><span class="o">/</span><span class="n">cdist</span><span class="o">-</span><span class="n">eth</span>
<span class="n">fetch</span> <span class="o">=</span> <span class="o">+</span><span class="n">refs</span><span class="o">/</span><span class="n">heads</span><span class="o">/*</span><span class="p">:</span><span class="n">refs</span><span class="o">/</span><span class="n">remotes</span><span class="o">/</span><span class="n">eth</span><span class="o">/*</span>
<span class="c1"># Public remote that contains my private changes to cdist upstream</span>
<span class="p">[</span><span class="n">remote</span> <span class="s2">&quot;nico&quot;</span><span class="p">]</span>
<span class="n">url</span> <span class="o">=</span> <span class="n">git</span><span class="o">.</span><span class="n">schottelius</span><span class="o">.</span><span class="n">org</span><span class="p">:</span><span class="o">/</span><span class="n">home</span><span class="o">/</span><span class="n">services</span><span class="o">/</span><span class="n">git</span><span class="o">/</span><span class="n">cdist</span><span class="o">-</span><span class="n">nico</span>
<span class="n">fetch</span> <span class="o">=</span> <span class="o">+</span><span class="n">refs</span><span class="o">/</span><span class="n">heads</span><span class="o">/*</span><span class="p">:</span><span class="n">refs</span><span class="o">/</span><span class="n">remotes</span><span class="o">/</span><span class="n">nico</span><span class="o">/*</span>
<span class="c1"># The &quot;nico&quot; branch will be synced with the remote nico, branch master</span>
<span class="p">[</span><span class="n">branch</span> <span class="s2">&quot;nico&quot;</span><span class="p">]</span>
<span class="n">remote</span> <span class="o">=</span> <span class="n">nico</span>
<span class="n">merge</span> <span class="o">=</span> <span class="n">refs</span><span class="o">/</span><span class="n">heads</span><span class="o">/</span><span class="n">master</span>
<span class="c1"># ETH stable contains rock solid configurations used in various places</span>
<span class="p">[</span><span class="n">branch</span> <span class="s2">&quot;eth-stable&quot;</span><span class="p">]</span>
<span class="n">remote</span> <span class="o">=</span> <span class="n">eth</span>
<span class="n">merge</span> <span class="o">=</span> <span class="n">refs</span><span class="o">/</span><span class="n">heads</span><span class="o">/</span><span class="n">stable</span>
</pre></div>
</div>
<p>Have a look at git-remote(1) to adjust the remote configuration, which allows</p>
</div>
<div class="section" id="multiple-developers-with-different-trust">
<h2>2.7. MULTIPLE DEVELOPERS WITH DIFFERENT TRUST<a class="headerlink" href="#multiple-developers-with-different-trust" title="Permalink to this headline"></a></h2>
<p>If you are working in an environment that requires different people to
work on the same configuration, but having different privileges, you can
implement this scenario with a gateway host and sudo:</p>
<ul>
<li><p class="first">Create a dedicated user (for instance <strong>cdist</strong>)</p>
</li>
<li><p class="first">Setup the ssh-pubkey for this user that has the right to configure all hosts</p>
</li>
<li><p class="first">Create a wrapper to update the cdist configuration in ~cdist/cdist</p>
</li>
<li><p class="first">Allow every developer to execute this script via sudo as the user cdist</p>
</li>
<li><p class="first">Allow run of cdist as user cdist on specific hosts on a per user/group base</p>
<blockquote>
<div><ul class="simple">
<li>f.i. nico ALL=(ALL) NOPASSWD: /home/cdist/bin/cdist config hostabc</li>
</ul>
</div></blockquote>
</li>
</ul>
<p>For more details consult sudoers(5)</p>
</div>
<div class="section" id="templating">
<h2>2.8. TEMPLATING<a class="headerlink" href="#templating" title="Permalink to this headline"></a></h2>
<ul class="simple">
<li>create directory files/ in your type (convention)</li>
<li>create the template as an executable file like files/basic.conf.sh, it will output text using shell variables for the values</li>
</ul>
<div class="highlight-sh"><div class="highlight"><pre><span></span><span class="ch">#!/bin/sh</span>
<span class="c1"># in the template, use cat &lt;&lt; eof (here document) to output the text</span>
<span class="c1"># and use standard shell variables in the template</span>
<span class="c1"># output everything in the template script to stdout</span>
cat <span class="s">&lt;&lt; EOF</span>
<span class="s">server {</span>
<span class="s"> listen 80;</span>
<span class="s"> server_name $SERVERNAME;</span>
<span class="s"> root $ROOT;</span>
<span class="s"> access_log /var/log/nginx/$SERVERNAME_access.log</span>
<span class="s"> error_log /var/log/nginx/$SERVERNAME_error.log</span>
<span class="s">}</span>
<span class="s">EOF</span>
</pre></div>
</div>
<ul class="simple">
<li>in the manifest, export the relevant variables and add the following lines in your manifest:</li>
</ul>
<div class="highlight-console"><div class="highlight"><pre><span></span><span class="gp">#</span> <span class="nb">export</span> variables needed <span class="k">for</span> the template
<span class="go"> export SERVERNAME=&#39;test&quot;</span>
<span class="go"> export ROOT=&#39;/var/www/test&#39;</span>
<span class="gp">#</span> render the template
<span class="go"> mkdir -p &quot;$__object/files&quot;</span>
<span class="go"> &quot;$__type/files/basic.conf.sh&quot; &gt; &quot;$__object/files/basic.conf&quot;</span>
<span class="gp">#</span> send the rendered template
<span class="go"> __file /etc/nginx/sites-available/test.conf \</span>
<span class="go"> --state present</span>
<span class="go"> --source &quot;$__object/files/basic.conf&quot;</span>
</pre></div>
</div>
</div>
<div class="section" id="testing-a-new-type">
<h2>2.9. TESTING A NEW TYPE<a class="headerlink" href="#testing-a-new-type" title="Permalink to this headline"></a></h2>
<p>If you want to test a new type on a node, you can tell cdist to only use an
object of this type: Use the &#8216;&#8211;initial-manifest&#8217; parameter
with - (stdin) as argument and feed object into stdin
of cdist:</p>
<div class="highlight-sh"><div class="highlight"><pre><span></span><span class="c1"># Singleton type without parameter</span>
<span class="nb">echo</span> __ungleich_munin_server <span class="p">|</span> cdist --initial-manifest - munin.panter.ch
<span class="c1"># Singleton type with parameter</span>
<span class="nb">echo</span> __ungleich_munin_node --allow 1.2.3.4 <span class="p">|</span> <span class="se">\</span>
cdist --initial-manifest - rails-19.panter.ch
<span class="c1"># Normal type</span>
<span class="nb">echo</span> __file /tmp/stdintest --mode <span class="m">0644</span> <span class="p">|</span> <span class="se">\</span>
cdist --initial-manifest - cdist-dev-01.ungleich.ch
</pre></div>
</div>
</div>
<div class="section" id="other-content-in-cdist-repository">
<h2>2.10. OTHER CONTENT IN CDIST REPOSITORY<a class="headerlink" href="#other-content-in-cdist-repository" title="Permalink to this headline"></a></h2>
<p>Usually the cdist repository contains all configuration
items. Sometimes you may have additional resources that
you would like to store in your central configuration
repositiory (like password files from KeepassX,
Libreoffice diagrams, etc.).</p>
<p>It is recommended to use a subfolder named &#8220;non-cdist&#8221;
in the repository for such content: It allows you to
easily distinguish what is used by cdist and what not
and also to store all important files in one
repository.</p>
</div>
<div class="section" id="see-also">
<h2>2.11. SEE ALSO<a class="headerlink" href="#see-also" title="Permalink to this headline"></a></h2>
<ul class="simple">
<li><a class="reference external" href="../man1/cdist.html">cdist(1)</a></li>
<li><a class="reference external" href="cdist-tutorial.html">cdist-tutorial(7)</a></li>
</ul>
</div>
<div class="section" id="copying">
<h2>2.12. COPYING<a class="headerlink" href="#copying" title="Permalink to this headline"></a></h2>
<p>Copyright (C) 2011-2013 Nico Schottelius. Free use of this software is
granted under the terms of the GNU General Public License version 3 (GPLv3).</p>
</div>
</div>
</div>
</div>
<footer>
<div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">
<a href="cdist-bootstrap.html" class="btn btn-neutral float-right" title="3. cdist-bootstrap(7)" accesskey="n">Next <span class="fa fa-arrow-circle-right"></span></a>
<a href="../man1/cdist.html" class="btn btn-neutral" title="1. cdist(1)" accesskey="p"><span class="fa fa-arrow-circle-left"></span> Previous</a>
</div>
<hr/>
<div role="contentinfo">
<p>
&copy; Copyright .
</p>
</div>
Built with <a href="http://sphinx-doc.org/">Sphinx</a> using a <a href="https://github.com/snide/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>.
</footer>
</div>
</div>
</section>
</div>
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT:'../',
VERSION:'4.1.0',
COLLAPSE_INDEX:false,
FILE_SUFFIX:'.html',
HAS_SOURCE: true
};
</script>
<script type="text/javascript" src="../_static/jquery.js"></script>
<script type="text/javascript" src="../_static/underscore.js"></script>
<script type="text/javascript" src="../_static/doctools.js"></script>
<script type="text/javascript" src="../_static/js/theme.js"></script>
<script type="text/javascript">
jQuery(function () {
SphinxRtdTheme.StickyNav.enable();
});
</script>
</body>
</html>
Reference in a new issue View git blame Copy permalink